Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.
- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 11 July 2000.

2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-43 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-43 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
a)0 All b)D Some* c)D None of:

Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

a) D The translation of the foreign language provisional application has been received.

reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1.78.

DETAILED ACTION

1. This Office action is in response to applicants' application serial no.
09/614,087 filed on 7/11/2000.

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on 7/11/2000 has
been considered by the examiner. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35
U.S.C. 102 that form the basis for the rejections under this section made in this
Office action:

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

Claims 1-43 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Blakley, III et al. (U.S. Patent No. 5,862,323, hereinafter Blakley). 

In respect to claim 1, Blakley discloses a computing environment having a
connection to a network, a computer program product for securely propagating 
security credentials using a trusted authenticating domain, the computer program 
product embodied on one or more computer-readable media and comprising: 

computer-readable program code means for establishing a secure 
connection between a client and a password synchronization agent (PSA) (see 
col. 3, lines 35-46); 



Application/Control Number: 09/614,087    Page 3

Art Unit: 2134 

computer-readable program code means for transmitting an identifier of a 
user and an identifying secret of the user to the PSA (see col. 3, lines 35-46); 

computer-readable program code means for validating the user with the 
trusted authenticating domain using the transmitted user identifier and identifying 
secret; and computer-readable program code means for propagating the 
identifying secret of the user to a master registry if the validation succeeds (see 
col. 3, lines 9-19, col. 2, line 55-col. 3, line 20). 

In respect to claim 2, Blakley discloses the computer program product 
according to Claim 1, further comprising: 

computer-readable program code means for establishing a second secure 
connection between the PSA and the trusted authenticating domain; and 

computer-readable program code means for using the second secure 
connection for the validating of the user (see col. 6, lines 22-34). 

In respect to claim 3, Blakley discloses the computer program product 
according to Claim 1, further comprising: 

computer-readable program code means for establishing a third secure 
connection between the PSA and the master registry (see col. 6, lines 22-34); 
and 

computer-readable program code means for using the third secure 
connection for the propagating of the identifying secret to the master registry (see 
col. 11, lines 27-31).

In respect to claim 4, Blakley discloses the computer program product 
according to Claim 1, further comprising computer readable program code
means for propagating the identifying secret to one or more other target registries
if the validation succeeds (see col. 8, lines 34-44). 

In respect to claim 5, Blakley discloses the computer program product 
according to Claim 4, further comprising: 

computer-readable program code means for establishing additional secure 
connections between the PSA and each of the other target registries (see col. 8, 
lines 34-44); and 

computer-readable program code means for using the additional secure 
connections for the propagating of the identifying secret to the other target 
registries (see col. 8, lines 34-44). 

In respect to claim 6, Blakley discloses the computer program product 
according to Claim 1 1 . further comprising: 

computer-readable program code means for obtaining an identification of 
the trusted authenticating domain from the user (see col. 5, line 49-col. 6, line 2); 
and 

computer-readable program code means for verifying that the trusted 
authenticating domain is trusted by the master registry as a prerequisite to the 
propagating (see col. 3, lines 54-60, col. 6, lines 40-60).

In respect to claim 7, Blakley discloses the computer program product 
according to Claim 1, further comprising: 

computer-readable program code means for obtaining an identification of 
the trusted authenticating domain from the master registry (see col. 6, lines 40-60).

In respect to claim 8, Blakley discloses the computer program product
according to Claim 6, wherein the master registry stores trust policy information, 
and wherein the computer-readable program code means for verifying that the 
trusted authenticating domain is trusted further comprises computer-readable 
program code means for checking whether the stored trust policy information for 
the user includes the identification obtained from the user (see col. 3, lines 54-60, 
col. 5, line 49-col. 6, line 2 and col. 6, lines 40-60). 

In respect to claim 9, Blakley discloses the computer program product 
according to Claim 5, wherein the master registry stores trust policy information, 
and wherein the computer-readable program code means for verifying that the 
trusted authenticating domain is trusted further comprises computer-readable 
program code means for checking whether the stored trust policy information for 
a user group of which the user is a member includes the identification obtained 
from the user (see col. 6, lines 40-60). 

In respect to claim 10, Blakley discloses the computer program product 
according to Claim 7, wherein the master registry stores trust policy information, 
and wherein the computer-readable program code means for obtaining the 
identification of the trusted authenticating domain from the master registry further 
comprises: 

computer-readable program code means for obtaining the identification 
using the stored trust policy information for the user (see col. 3, lines 54-60, col. 
6, lines 40-60).

In respect to claim 11, Blakley discloses the computer program product
according to Claim 7, wherein the master registry stores trust policy information, 
and wherein the computer-readable program code means for obtaining the 
identification of the trusted authenticating domain from the master registry further 
comprises computer-readable program code means for obtaining the 
identification using the stored trust policy information for a user group of which 
the user is a member (see col. 6, lines 40-60). 

In respect to claim 12, Blakley discloses the computer program product 
according to Claim 4, wherein the master registry stores password 
synchronization policy information, and wherein the computer-readable program 
code means for propagating the identifying secret to the one or more other target 
registries further comprises computer-readable program code means for 
identifying the one or more other target registries using the stored password 
synchronization policy information for the user (see col. 8, lines 34-44). 

In respect to claim 13, Blakley discloses the computer program product 
according to Claim 4, wherein the master registry stores password
synchronization policy information, and wherein the computer-readable program 
code means for propagating the identifying secret to the one or more other target 
registries further comprises computer-readable program code means for 
identifying the one or more other target registries using the stored password 
synchronization policy information for a user group of which the user is a member 
(see col. 7, lines 24-50).

In respect to claim 14, Blakley discloses the computer program product
according to Claim 1, wherein the computer-readable program code means for
establishing the secure connection further comprises computer-readable 
program code means for authenticating the PSA to the client (see col. 2, lines 34-45).

In respect to claim 15, Blakley discloses the computer program product 
according to Claim 2, wherein the computer-readable program code means for 
establishing the second secure connection further comprises computer readable 
program code means for authenticating the trusted authenticating domain to the 
PSA (see col. 2, lines 34-45). 

In respect to claim 16, Blakley discloses the computer program product 
according to Claim 3, wherein the computer-readable program code means for 
establishing the third secure connection further comprises computer readable 
program code means for authenticating the master registry to the PSA (see col. 
2, lines 34-45). 

In respect to claim 17, Blakley discloses the computer program product 
according to Claim 5, wherein the computer-readable program code means for 
establishing additional secure connections further comprises computer readable 
program code means for authenticating the other target registries to the PSA 
(see col. 8, lines 34-44). 

In respect to claim 18, Blakley discloses the computer program product 
according to Claim 1, wherein the computer-readable program code means for
validating further comprises:

computer-readable program code means for performing a security function
on the identifying secret of the user, wherein the security function comprises one 
of (i) a one-way hashing algorithm or (ii) an encryption algorithm (see col. 3, lines 
9-19); 

computer-readable program code means for using the user identifier to 
locate a previously-stored identifying secret of the user which was stored by the 
trusted authenticating domain; and computer-readable program code means for 
comparing the located identifying secret to a result of performing the security 
function (see col. 2, lines 34-45). 

In respect to claim 19, Blakley discloses the computer program product 
according to Claim 1, wherein the computer-readable program code means for
validating further comprises computer-readable program code means for 
invoking an authenticated LDAP bind or other native authentication mechanism 
of the trusted authenticating domain, wherein the identifier of the user and the 
identifying secret of the user are passed to the trusted authenticating domain, 
thereby causing the trusted authenticating domain to validate the passed 
identifier and identifying secret and return a result which reports a success or 
failure of the validation (see col. 7, line 52-col. 8, line 4). 

In respect to claim 20, Blakley discloses the computer program product 
according to Claim 1, wherein the PSA has administrative authority for 
performing operations at the master registry (see col. 11, lines 27-31).

In respect to claim 21, Blakley discloses the computer program product 
according to Claim 4, wherein the PSA has administrative authority for 
performing operations at the one or more other target registries (see col. 3, lines
35-53). 

In respect to claims 22-42, the claim limitations are system claims that are 
substantially similar to computer readable medium claims 1-21. Therefore,
claims 22-42 are rejected based on the similar rationale. 

In respect to claim 43, the claim limitation is a method claim that is
substantially similar to computer readable medium claim 1. Therefore, claim 43
is rejected based on the similar rationale. 



4. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

- Huynh et al. disclose a system, method and data structure that provide for
securely synchronizing passwords and/or other information between systems.

- Swift et al. disclose a method for changing passwords on a remote
computer.

- Blakley, III et al. disclose configurable password integrity servers for
use in a shared resource environment.

- Perlman discloses a method and system for establishing a shared secret
using an authentication token.

- Suchter discloses managing changes to a directory of electronic
documents.



Conclusion

Any inquiry concerning this communication or earlier communications from
the examiner should be directed to Tongoc Tran whose telephone number is 
(703) 305-7690. The examiner can normally be reached on 8:30-5:00 M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gregory A. Morse can be reached on (703) 308-4789. 
The fax phone number for the organization where this application or proceeding 
is assigned is (703) 746-7240. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 
(703) 305-9600.